package com.lhf.fvsgateway.config;

import com.lhf.userserviceapi.dto.FvsSysRoleDTO;
import com.lhf.userserviceapi.service.UserService;
import org.apache.dubbo.config.annotation.DubboReference;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.RequestPath;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

import java.util.Collection;
import java.util.Set;
import java.util.stream.Collectors;

/**
 * <p></p>
 *
 * @author liuhf
 * @createTime 2021/4/2 14:55
 * @since 1.0
 */
@Component("reactiveAuthorizationManager")
public class ReactiveAuthorizationManager implements org.springframework.security.authorization.ReactiveAuthorizationManager<AuthorizationContext> {
    @DubboReference
    private UserService userFeign;

    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext context) {
        ServerWebExchange exchange = context.getExchange();
        //当前请求路径
        RequestPath path = exchange.getRequest().getPath();

        Set<String> roles = userFeign.findRoleByPath(path.value()).stream().map(FvsSysRoleDTO::getRole).collect(Collectors.toSet());
        //todo roles为空暂时认为该路径不受权限控制，直接放行
        if (CollectionUtils.isEmpty(roles)) {
            return Mono.just(new AuthorizationDecision(true));
        }
        //OPTIONS请求方式 直接放行
        if (exchange.getRequest().getMethod() == HttpMethod.OPTIONS) {
            return Mono.just(new AuthorizationDecision(true));
        }
       return authentication
                .filter(item -> {
                    boolean authenticated = item.isAuthenticated();
                    System.out.println("filter");
                    System.out.println(authenticated);
                    return authenticated;
                })//过滤是否授权
                .flatMapIterable(item -> {
                    Collection<? extends GrantedAuthority> authorities = item.getAuthorities();
                    System.out.println("flatMapIterable");
                    authorities.forEach(it -> System.out.println(it.getAuthority()));
                    return authorities;
                })//获取权限
                .map(item -> {
                    String authority = item.getAuthority();
                    System.out.println("map");
                    System.out.println(authority);
                    return authority;
                })//包装权限
                .any(roles::contains)//判断是否存在角色
                .map(AuthorizationDecision::new)//分装
                .defaultIfEmpty(new AuthorizationDecision(false));//否则返回默认

//        return authentication
//                .filter(Authentication::isAuthenticated)//过滤是否授权
//                .flatMapIterable(Authentication::getAuthorities)//获取权限
//                .map(GrantedAuthority::getAuthority)//包装权限
//                .any(roles::contains)//判断是否存在角色
//                .map(AuthorizationDecision::new)//分装
//                .defaultIfEmpty(new AuthorizationDecision(false));//否则返回默认
    }

    public UserService getUserFeign() {
        return userFeign;
    }

    public void setUserFeign(UserService userFeign) {
        this.userFeign = userFeign;
    }
}
